Bug 249162 (CVE-2007-3950)

Summary: CVE-2007-394{6-9} lighttpd 1.4.15 multiple vulnerabilities
Product: [Fedora] Fedora
Reporter: Ville Skyttä <ville.skytta>
Component: lighttpd
Assignee: Matthias Saou <matthias>
Status: CLOSED ERRATA
QA Contact: Fedora Extras Quality Assurance <extras-qa>
Severity: medium
Priority: medium
Version: 7
CC: fedora-security-list
Keywords: Security
Hardware: All
OS: Linux
Fixed In Version: 1.4.16-1.fc7
Doc Type: Bug Fix
Last Closed: 2007-07-27 05:54:27 UTC

Description Ville Skyttä 2007-07-21 19:21:01 UTC
http://www.vuxml.org/freebsd/fc9c217e-3791-11dc-bb1a-000fea449b8a.html

"Some vulnerabilities have been reported in lighttpd, which can be exploited by
malicious people to bypass certain security restrictions or cause a DoS (Denial
of Service)."

Comment 1 Lubomir Kundrak 2007-07-25 13:07:52 UTC
CVE-2007-3946 Lighttpd SA 2007:04-07
CVE-2007-3947 Lighttpd SA 2007:03
CVE-2007-3948 ?
CVE-2007-3949 Lighttpd SA 2007:08 (patch: 
CVE-2007-3950 ?
?             Lighttpd SA 2007:09

Comment 2 Matthias Saou 2007-07-26 08:37:58 UTC
Lighttpd 1.4.16 has just been released, and rebuilt for all current Fedora and
EPEL branches. Packages are waiting to be pushed.

Comment 3 Fedora Update System 2007-07-27 05:54:24 UTC
lighttpd-1.4.16-1.fc7 has been pushed to the Fedora 7 stable repository.  If problems still persist, please make note of it in this bug report.